Ask Jack

I have been careless in booking hotel accommodation without checking the site was secure: it wasn't. My carelessness was compounded because the web host in London emailed my credit card details to the hotel in Spain, which confirmed the booking by returning the host's original email. I have cancelled my credit card. The British company says: "We have never experienced a problem with this system and have no plans to change it." Am I being unduly cautious, or are they being complacent? Graham Williams

Jack Schofield replies: It is generally safe to use a credit card on a website as long as it uses a secure connection, as indicated by a small image of a lock at the bottom of the browser window. However, the internet's email system is insecure as designed, and sending an email is like sending a postcard: anyone can read it en route. This probably includes your ISP (internet service provider), the owners of servers that store and forward your email, and the IT staff who look after company mail servers. In theory, it also includes anyone who uses a "packet sniffer" - a type of program that is widely available for free download - either on a server or to tap into your internet connection.

Regardless, all your email is probably being scanned, possibly by UK government employees at GCHQ in Cheltenham, and almost certainly by services attempting to eliminate spam. Scanning for things that look like credit card numbers is trivial. Under these circumstances, I would not recommend sending credit card details in unencrypted email, and I would avoid dealing with any company that does. They should at least put them in a password-protected attachment created using an "archive" program designed to compress (or zip) files - though there are often tools designed to crack these passwords. Another simple alternative is Hushmail (www.hushmail.com).

Perhaps we should have digital signatures and use encryption programs to secure our email. One is PGP (Pretty Good Privacy), available in a free version (www.pgpi.org). Email Encryption for the Lazy (www.dtek.chalmers.se/~d97jorn/pgp/) explains how to use it.

USB limits

Is there a restriction on the number of files that can be saved to a USB drive? Jim McAllister

JS: As far as I know, the only limitation is that imposed by the file system. A USB thumb drive, memory card or phone is likely to use FAT16, the "file allocation table" system from Microsoft's old DOS disk operating system. This can store a maximum of 512 files in the root directory - and this assumed 8-character file names! If the card is 512MB or larger, it probably uses Windows 95's FAT32 file system, which has no such limit. Since using 8.3 filenames (eg Track001.mp3) is probably impractical, you may need to store FAT16 files in separate folders.

Backchat

M Rich asked about transferring data from his old Windows 95 PC (September 8), and I suggested a LapLink cable. Adrian Klos, Colin Hall, Dannie Bonner, John Berry and others suggested the easiest way is to take the IDE hard drive out of the old PC and mount it as a slave in the new one. If it doesn't work, you can end up with a PC that fails to recognise either drive.

Christopher Clifton, John Davies, John Steel, Mike Farmer and others suggested a safer alternative: take the hard drive out of the old PC and screw it into an external USB enclosure. Not all drives fit all enclosures but Peter Johnson and Martin solved the problem with IDE-to-USB conversion cables.